package com.mao.crowd.mvc.config;

import com.mao.crowd.constant.CrowdConstant;
import jdk.nashorn.internal.ir.RuntimeNode;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.access.AccessDeniedHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Security配置类
 * @author maomeng
 * @create 2021-06-09- 17:09
 */
@Configuration
@EnableWebSecurity
// 启用全局方法权限控制
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebAppSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private BCryptPasswordEncoder passwordEncoder;

    @Override
    protected void configure(AuthenticationManagerBuilder builder) throws Exception {
//        builder
//        //在内存中完成账号密码的检查
//        .inMemoryAuthentication()
//        // 指定账号
//        .withUser("zhang")
//        // 指定密码
//        .password("123456")
//        // 指定当前用户的角色
//        .roles("ADMIN")
//        .authorities("UPDATE","SAVE","DELETE");

        builder
        .userDetailsService(userDetailsService)
        .passwordEncoder(passwordEncoder);
    }

    @Override
    protected void configure(HttpSecurity security) throws Exception {
        security
        .authorizeRequests()
        //放行静态资源
        .antMatchers("/admin/to/login/page.html")
        .permitAll()
        .antMatchers("/bootstrap/**")
        .permitAll()
        .antMatchers("/crowd/**")
        .permitAll()
        .antMatchers("/css/**")
        .permitAll()
        .antMatchers("/fonts/**")
        .permitAll()
        .antMatchers("/img/**")
        .permitAll()
        .antMatchers("/jquery/**")
        .permitAll()
        .antMatchers("/layer/**")
        .permitAll()
        .antMatchers("/script/**")
        .permitAll()
        .antMatchers("/WEB-INF/**")
        .permitAll()
        .antMatchers("/ztree/**")
        .permitAll()
        .antMatchers("/index.jsp")
        .permitAll()
        .anyRequest()
        .authenticated()
        .and()
        .exceptionHandling()
        .accessDeniedHandler(new AccessDeniedHandler() {
            @Override
            public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) throws IOException, ServletException {
                request.setAttribute("exception",new Exception(CrowdConstant.MESSAGE_ACCESS_DENIED));
                request.getRequestDispatcher("/WEB-INF/system-error.jsp").forward(request,response);
            }
        })
        .and()
        .csrf()							// 防跨站请求伪造功能
        .disable()						// 禁用
        .formLogin()
        .loginPage("/admin/to/login/page.html") //登录页面
        .loginProcessingUrl("/security/do/login.html") //处理登录请求的地址
        .defaultSuccessUrl("/admin/to/main/page.html") //登录成功后前往的地址
        .usernameParameter("loginAcct")
        .passwordParameter("userPswd")
        .and()
        .logout()
        .logoutUrl("/security/do/logout.html")
        .logoutSuccessUrl("/admin/to/login/page.html")
        ;
    }
}
